Hello HAProxy friends,
I am trying to block empty or null user-agent traffic into our site.
I’m using HAProxy 2.4.17.
I have the following two ACLs and two http-request denies, but neither is working when I spoof user-agents to be empty:
# Identify if user-agent is found
acl found-user-agent req.fhdr(user-agent) -m found
# Identify if user-agent has characters
acl char-user-agent req.hdr_cnt(user-agent) eq 0
# Identify if source IP is internal
acl internal-ip src 172.16.0.0/16
.....
# Send HTTP 502 if request does not have a User-Agent and not internal-ip
http-request deny deny_status 502 if !found-user-agent !internal-ip
# Send HTTP 502 if request has zero character user-agent and not internal-ip
http-request deny deny_status 502 if char-user-agent !internal-ip
Any thoughts on what is going on and where my logic isn't right?
Thanks